26.3.12

Smartphones hike your risk of ID fraud

About 12 million Americans got hit by identity fraud in 2011, a 13% increase from a year earlier, thanks to consumers’ growing use of social-media websites and smartphones, plus a sharp jump in security breaches, according to a recent report from Javelin Strategy & Research.

“The new ways in which people can communicate with each other create new risks,” said Joel Winston, chief privacy officer at ID Analytics, a consumer risk management company.

Some 7% of smartphone owners became identity-fraud victims in 2011, the Javelin survey of 5,000 consumers found. Smartphone users are about one-third more likely to fall prey to identity fraud than the general public, the report found.

Why? Because smartphones are minicomputers that store vast quantities of personal information, yet many users don’t protect their smartphones the way they do laptops and PCs.

“Consumers must be vigilant and in control of their personal data as they move toward these new mobile and social technologies that are putting them at risk,” said James Van Dyke, president of Javelin.

Javelin found that 32% of smartphone owners don’t update to new operating systems when they become available. And 62% don’t use a password on their home screen, meaning that anyone who steals or finds their smartphone can easily access their personal information.

LinkedIn, a site most users consider more “business” than “social,” had the highest identity-fraud incident rate, at 10%, versus 5% for the general population, the Javelin study found.

Meanwhile, 7% of Google Plus users and 6.3% of those on Twitter reported a case of identity fraud. Among Facebook users, 5.7% said they were victims, a surprisingly low percentage — perhaps because of widespread media attention on Facebook’s privacy policies.

People with public profiles that are visible to anyone online were likelier to expose personal information that can be used to access accounts.

On LinkedIn, for example, users tend to be careless about allowing access to their information. Presumably, they assume the site is about connecting with people in the business world, not scammers.

“It’s almost like the desire to be part of something is too great to be cautious,” said Steve Schwartz, executive vice president of Intersections, a risk-management services provider. He encourages users to dig deep into the privacy settings of social-media sites to make sure information is available only to those whom you trust.

Alarming, too, is the correlation between security breaches and ID fraud.

Javelin said that high frequency of fraud could be tied to the number of high-profile, big breaches in 2011 — a 67% spike from 2010 — at companies such as Sony PlayStation, Epsilon, RSA and several government entities.

Here are tips to avoid identity fraud:

Pay attention to security-breach notifications. “Consumers see a lot of these notifications and unfortunately it’s become a little bit of white noise,” Schwartz said. “Most notifications come with some sort of educational note that consumers should use.”

Keep a close watch on your credit cards and bank accounts.

Don’t give out your Social Security number unless you absolutely must, such as to your employer or insurer. If you have health insurance, for example, you shouldn’t have to give the doctor’s office your Social Security number because it’s already tied to your insurance.

Use strong passwords, a mix of letters, numbers and symbols, and use different passwords for each account. Yes, it’s inconvenient but getting your identity stolen is more agonizing. According to credit-reporting firm TransUnion, it takes victims about 30 hours and $500, on average, to resolve identity fraud.

Be careful what you tell your “friends” on social-media sites; scammers may be reading, too. “Assume that anything you post in public areas is fair game,” ID Analytics’s Winston said.